Data Privacy Statement

Privacy Policy

I. Data Protection at a glance

The following declaration provides a simple explanation of what will happen to your personal data when you visit our website. Personal data are all data which can identify you personally. Please see the privacy policy below for more detailed information on data protection.

Who is responsible for collecting data on this website?

Data processing on this website is carried out by the website owner whose contact details can be found in the Legal information of this website.

How do we collect your data?

Your data are collected when you provide them to us. For example, these can be data which you enter into a contact form.

Other data are collected automatically by our IT systems when you visit our website. These are mainly technical data (e.g. Internet browser, operating system and time of accessing the page). These data are collected automatically as soon as you access our website via your browser.

How do we use your data?

Some of the data are collected to ensure correct presentation of the website. Other data can be used to analyse user behaviour.

What rights do you have regarding your data?

You have the right to receive information on the origin, the recipient and the purpose of your stored personal data at any time free of charge. You also have the right to request correction, amendment, restriction or deletion of these data. To exercise your rights or if you have any other questions regarding data protection, please contact us at any time at the address listed under “Imprint and General Terms of Business” on this website. In addition, you have the right to complain to the relevant data protection authority.

Analysis tools and third-party tools

When you visit our website, your Internet activity can be evaluated statistically. This is done mainly by means of cookies and analysis programs. The analysis of your Internet activity is usually anonymous; the internet activity cannot be traced back to you. You may object to this analysis or prevent it by not using certain tools. Refer to the data privacy statement below for more detailed information.

You can object to this analysis. The data privacy statement provides information on how to object.

Privacy Policy

II. General Information and Mandatory Information

Data privacy

The website owner takes the protection of your personal data very seriously. When you use this website, various personal data are collected. Personal data are data which enable you personally to be identified. This Data Privacy Statement explains which data we collect and what we use them for. It also explains how this is done and for what purpose.

 

We would like to point out that the transfer of data via the Internet (e.g. when communicating by e-mail) may have security vulnerabilities. It is not possible to protect data completely from access by third parties.

 

We treat your personal data confidentially and in accordance with the legal data protection legislation and this Data Privacy Statement. This means the personal data of users are processed as follows when they visit this website (without additional contact by e-mail):

 

Types of personal data processed:

  • User-related data (e.g. name, address - only if contact is initiated electronically)
  • Contact data (e.g. e-mail address, telephone number - only if contact is initiated electronically)
  • Contents data (e.g. text input, image files, video files - only if contact is initiated electronically)
  • Usage data (e.g. pages visited, interest in contents, access times)
  • Meta/communications data (e.g. equipment information, IP addresses)

Categories of data subjects

Visitors and users of the website (hereinafter all referred to as “Users”).

 

Purpose of processing

  • Provision of the website offer, its functions and contents
  • Replying to enquiries and communication with users
  • Security measures
  • Measurement of reach/marketing

As a responsible provider we dispense with automatic decision-making and profiling.

Definitions

This Data Privacy Statement uses, among others, the following legal terms which are used by the European body issuing directives and regulations in the General Data Protection Regulation (GDPR) and which are defined therein in Art. 4 (Definitions) as follows:

 

Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

 

Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller

ROBEL Bahnbaumaschinen GmbH
Industriestrasse 31
D-83395 Freilassing
Germany

Tel.: +49-8654-609-0
Fax: +49-8654-609-100
E-Mail: info@robel.com

 

The controller is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses and similar).

Data protection officer

In case of questions or suggestions regarding data protection and to enforce your rights as data subject please contact our data protection officer at any time:

 

ROBEL Bahnbaumaschinen GmbH
- Datenschutz - (Data privacy)
Industriestrasse 31
D-83395 Freilassing
Germany
E-Mail: datenschutz@robel.com

Right to lodge a complaint with a supervisory authority

You have the right to complain to a supervisory authority, in particular in the member state of your place of residence, your workplace or the place of the probable infringement if you are of the opinion that the processing of your personal data is unlawful.

Rights of the data subjects

The applicable data protection law grants you, as the data subject, extensive rights vis-a-vis the controller with regard to the processing of your personal data (right of access and intervention) about which we inform you below:

 

Right of access as per Art. 15 GDPR: In accordance with Art. 15 GDPR, you have the right to obtain from us information about your personal data processed by us. You should provide precise information on your request in the application so that it makes it easier to compile the data required. Please note that your right of access may be restricted under certain circumstances in accordance with legal regulations (in particular Article 34 of the German Data Protection Law and Art. 10 of the Bavarian Data Protection Law).

 

Right to rectification as per Art. 16 GDPR: You have the right to rectification of inaccurate personal data concerning you and/or completion of incomplete data stored by us without undue delay.

 

Right to erasure as per Art. 17 GDPR: You have the right to request erasure of personal data concerning you if the conditions listed in Art. 17 Para. 1 GDPR apply. However, this right is not applicable in particular where the processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

 

Right to restriction of processing as per Art. 18 GDPR: You have the right to request restriction of processing of your personal data for a period enabling the verification of the accuracy of the personal data, if you oppose the erasure of your personal data due to improper data processing and request the restriction of their use instead; if you require your personal data for the establishment, exercise or defence of legal claims where we no longer need the personal data for the purposes of the processing; or if you have objected due to your particular situation pending the verification whether our legitimate grounds override your reasons.

 

Right to notification as per Art. 19 GDPR: If you have exercised your right to rectification, erasure or restriction of processing against the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.

 

Right to data portability as per Art. 20 GDPR: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to request transmission of those data to another controller provided this is technically feasible.

 

Right to withdraw consent as per Art. 7 Para. 3 GDPR: You have the right to withdraw your consent to processing of your data at any time with future effect. In case of withdrawal of consent, we shall delete the data concerned without delay, provided further processing cannot be supported by a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

Right to object as per Art. 21 GDPR: You have the right to object to future processing of your personal data at any time in accordance with the provisions of Art. 21 GDPR. The objection may be in particular to processing of the personal data for direct marketing purposes.

Data collected on our website

This website uses cookies. Cookies are text files which are placed and stored on a computer/computer system of a user via an Internet browser. Various information can be stored in a cookie. A cookie is used primarily to store information on a user (or the equipment on which the cookie is stored) during or also after the visit to a website. Cookies are referred to as “session cookies” or “transient cookies” if they are deleted after the user leaves a website and closes the browser. Such a cookie stores, for example, the contents of a shopping basket in an online shop or a login status. Cookies are referred to as “permanent” or “persistent” if they continue to be stored even after the browser has been closed. Thus, for example, the login status can be stored if the user visits the website again several days later. Also, the interests of the user may be stored in such a cookie to be used for reach measurement or marketing purposes. Cookies are referred to as “third-party cookies” if they are offered by other parties than the controller who operates the website (otherwise, i.e. if they are only the controller’s cookies, they are referred to as “first-party cookies”).

 

If a user does not want cookies to be stored on his computer, he must deactivate the relevant option in the system settings of his browser. It is also possible to delete cookies already stored via the system settings of the browser. The blocking of cookies can lead to functional impairment of this website.

 

You can find further information on cookies here https://www.robel.com/en/cookie-notice/.

 

Server log files

 

The hosting services from our hosting provider are used to provide the following services for our website: Infrastructure and platform services, computer capacity, data storage and database services, security services and technical maintenance services which we use for the purpose of operating this website. We or our hosting provider process contact data (in case of e-mail contact: e-mail address), usage data, meta and communications data of users of this website on the basis of our legitimate interest in an efficient and safe provision of this website in accordance with Art. 6, Para. 1 (f) GDPR in conjunction with Art. 28 GDPR.

 

We or our hosting provider collect various general data and information on each access of our website by a data subject or an automated system. These general data and information are stored in the log files of the server. The following may be recorded (1) browser type and version used, (2) operating system used by the accessing system, (3) the web page from which the accessing system reaches our website (so-called referrer), (4) the sub-pages which are called up on our website by an accessing system, (5) the date and time of the access to the website, (6) the IP address, (7) the Internet service provider of the accessing system and (8) other similar data and information which are used to prevent danger in case of attacks on our IT systems.

 

When using these general data and information, we or our hosting provider draw no conclusions about the data subject. This information is rather required to (1) correctly display the contents of our website, (2) optimise the contents of our website and the advertising of same, (3) ensure the continuous functionality of our IT systems and the technology of our website and (4) to be able to provide the law enforcement agencies with the information necessary for law enforcement in case of a cyber attack. The server log file data are stored separately from any personal data provided by a data subject.

 

Access and security protocols at system level are maintained by the service used by us https://platform.sh/ for diagnostic purposes. These protocols are not accessible to us. These protocols are stored for a minimum of 6 months and a maximum of 1 year. Protocols at general system level are stored for a minimum of 30 days and a maximum of 1 year.

Contact

If you are contacting us (e.g. by e-mail, telephone or social media), the user data are processed in accordance with Art 6, Para. 1 (b) GDPR to deal with the enquiry. The data provided by the user may be stored in a customer relationship management system (“CRM system”) or a similar enquiry system.

 

If you send us enquiries by e-mail, the data from the e-mail enquiry form including the contact data provided therein are stored by us to process the enquiry and in case of follow-on questions. We do not pass these data on to third parties without your consent.

 

Processing of the data provided in an e-mail therefore takes place exclusively on the basis of your consent (Art. 6 Para. 1 (a) GDPR). You can withdraw your consent at any time. It is sufficient to inform us of this by e-mail. The lawfulness of any data processing up to withdrawal of consent shall not be affected by the withdrawal of consent.

 

The data provided in an e-mail remain with us until you request their deletion, withdraw consent for their storage or the purpose for their storage is no longer applicable (e.g. after processing of the enquiry is completed). Mandatory legal requirements - in particular retention periods - shall not be affected.

Legal basis

In accordance with Art. 13 GDPR we have to inform you of the legal basis for collecting personal data. Where the legal basis is not expressly mentioned in this Data Privacy Statement, the following shall apply: The legal basis for obtaining consent are Art. 6, Para. 1 (a) and Art. 7 GDPR, the legal basis for data processing to provide our services and implement contractual measures as well as reply to enquiries is Art. 6, Para. 1 (b) GDPR, the legal basis for data processing to meet our legal obligations is Art. 6, Para. 1 (c) GDPR and the legal basis for data processing to protect our legitimate interest is Art. 6, Para. 1 (f) GDPR.

Disclosure of data

The disclosure of your personal data to third parties for purposes other than those listed below does not take place. We disclose your personal data to third parties only if:

  • you have given your express consent to this in accordance with Art. 6, Para. 1 (a), sentence 1 GDPR;
  • disclosure in accordance with Art. 6, Para. 1 (f) sentence 1 GDPR is required for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in non-disclosure of your data;
  • there is a legal requirement for disclosure in accordance with Art. 6, Para. 1 (c) sentence 1 GDPR; and
  • this is legally permissible and, in accordance with Art. 6, Para. 1 (b) sentence 1 GDPR, required for the implementation of the contractual relationship with you.

If we disclose data to other persons or companies (processors or third parties) within the scope of data processing, transmit data to them or grant them other access to data, this will be done on the basis of statutory authorisation or on the basis of your consent or because a legal duty provides for this or on the basis of our legitimate interests (e.g. when using a hosting provider etc.). 

 

If we enter into a “data processing agreement” with a third party for the processing of personal data, this is done on the basis of Art. 28 GDPR.

If we process data in a third country (i.e. outside the European Union (EU) or outside the European Economic Area (EEA)) or if this takes place within the scope of utilising the services of third parties by disclosure or transmission of data to third parties, this shall be done only if it is done to meet our (pre)-contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal and contractual permissions, we process the data or the data are processed in a third country only if the special conditions of Art. 44 ff GDPR are met. This means, processing takes place, for example, on the basis of special guarantees such as the officially accepted decision that the level of data protection is equivalent to that of the EU (e.g. for the USA by means of the “Privacy Shield”) or observance of officially accepted special contractual provisions (“Standard Contract Clauses”).

Erasure of data / restriction of processing

The personal data processed by us are erased or their processing is restricted in accordance with Art. 17 and Art. 18 GDPR. Unless expressly stated in this Data Privacy Statement, the data stored by us are erased as soon as they are no longer required for their intended purpose and the erasure does not conflict with the legal obligation to retain such data. This applies, for example, to data which must be stored for reasons of commercial or tax law (e.g. Art. 257 German Commercial Code, Art. 147, Para. 1 German Tax Code - retention for up to 10 years). If the data are not erased because they are required for other legally permissible purposes, their processing will be restricted. This means the data will be restricted and not processed for any other purpose.

Google Analytics

This website uses Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses “cookies”, i.e. text files which are stored on your computer and which enable analysis of your use of the website. The information on your use of this website (including the shortened IP address) generated by the cookie is, as a rule, transmitted to a Google server in the USA and is stored there.

 

Google LLC, with its registered office in the USA, is certified for the EU-US data protection agreement “Privacy Shield”, which ensures observance of the data protection level applicable in the EU.

(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

 

You can find more information on the handling of user data by Google Analytics in the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en.

 

This website uses Google Analytics exclusively with the extension “_anonymizeIp()” which ensures anonymisation of the IP address by shortening it and thus no direct identification of the user is possible. By using this extension, your IP address is shortened by Google within the member states of the European Union or in other contracting countries to the Agreement on the European Economic Area. The full IP address is sent to a Google Server in the USA only in exceptional cases and shortened there. The IP address transmitted by your browser to Google Analytics is not linked to other data of Google. As instructed by the owner of this website, Google will use this information to evaluate your usage of the website, to compile reports on the website activities and to provide other services connected to website usage and Internet usage to the owner of the website. These are the reasons for our legitimate interest in processing your data. The legal basis for the use of Google Analytics is Art. 15, Section 3 German Telemedia Act and Art. 6 Para. 1 (f) GDPR. The data transmitted by us and linked with cookies, user identification (e.g. user ID) or advertising IDs are automatically erased after 26 months. The erasure of data, the storage period of which has expired, is carried out automatically once per month. Further information on the conditions of use and data protection can be found under https://www.google.com/analytics/terms/gb.html and https://policies.google.com/?hl=en.

 

You can prevent the storage of cookies with relevant settings in your browser software; however, we would like to point out that you may not be able to use all functions of this website to the full extent in this case. Furthermore, you can prevent recording of the data generated by the cookie relating to your use of the website (including your IP address) by Google and processing of these data by Google by downloading and installing the browser plugin available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=en

 

As an alternative to the browser plugin or for browsers on mobile devices, please click on the following link to set an opt-out cookie which prevents recording by Google Analytics on this website in future (this opt-out cookie only works in this browser and only for this domain; if you delete the cookies in this browser, you must click on the link again): Deactivate Google Analytics[javascript:gaOptout()]

Data protection provisions for the use of YouTube

The data controller has integrated components of YouTube on this website. YouTube is an Internet video portal which allows the free placing of video clips and the free viewing, rating and commenting by other users of these. YouTube permits the publication of all types of videos so that complete films and TV broadcasts, but also music videos, trailers or videos made by users themselves can be called up via the Internet portal.

 

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

 

By calling up one of the pages of this website which is operated by the controller responsible for data processing and into which a YouTube component (YouTube video) has been integrated, the relevant YouTube component automatically causes the Internet browser on the IT device of the data subject to download the relevant YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/intl/en/yt/about/. As part of this technical process, YouTube and Google will gain knowledge on which specific page of our website has been visited by the data subject.

If the data subject is simultaneously logged into YouTube, YouTube will recognise on calling up a page containing a YouTube video which specific page of our website has been visited by the data subject. This information is collected by YouTube and Google and linked to the YouTube account of the data subject.

YouTube and Google always receive the information via the YouTube component that the data subject has visited our web page if the data subject is simultaneously logged into YouTube when calling up our web page; this takes place independently of whether the data subject clicks on a YouTube video or not. If the data subject does not wish that this information is transmitted to YouTube and Google, the data subject can prevent this transmission by logging out of the YouTube account before calling up our web page.

 

The privacy policy published by YouTube is available under policies.google.com/privacy and gives information on the collection, processing and use of personal data by YouTube and Google.

Newsletter

Below we inform you about the contents of our newsletter and the registration procedure, dispatch and statistical analysis as well as your rights to object. By subscribing to our newsletter, you agree to its receipt and the procedures described.

 

Contents of the newsletter: We e-mail newsletters or other notifications with advertising information (“newsletter”) only with consent of the recipient or a statutory authorisation. If, as part of a registration for a newsletter, details about its contents are provided, these details are crucial for the consent of the user. Otherwise our newsletters contain information on our services and on ourselves.

 

Double opt in and recording: Registration for our newsletter takes place by means of the double opt in process. This means after registration you will receive an e-mail asking you to confirm your registration. This confirmation is required so that nobody can register under another e-mail address. Registrations for the newsletter are recorded to prove that the registration process complies with the legal requirements. This includes storage of the time of registration and confirmation and the IP address. Any changes to the data stored by the delivery service provider shall also be recorded.

 

Registration data: To register for the newsletter, it is sufficient to submit your e-mail address. Optionally, we ask for a name so that we can address you personally in the newsletter, and we ask for the language required.

 

The dispatch of the newsletter and the performance measurement connected to this take place on the basis of a consent of the recipient in accordance with Art. 6, Para. 1 (a) and Art. 7 GDPR in conjunction with Art. 7 Section 2 No. 3 of the German Fair Trade Practices Act (UWG) and on the basis of the statutory authorisation in accordance with Art. 7 Section 3 UWG.

 

Recording of the registration process takes place on the basis of our legitimate interest in accordance with Art. 6, Para 1 (f) GDPR. We are interested in using a user-friendly as well as safe newsletter system which serves our business interests and also meets the expectations of users and permits us to provide proof of consent.

 

Cancellation/withdrawal of consent: You can terminate the receipt of our newsletter at any time, i.e. withdraw your consent. A link for cancelling the newsletter is provided at the end of each newsletter. We can store a de-registered e-mail address for up to three years on the basis of our legitimate interest before erasing it to be able to prove previously given consent. Processing of these data is restricted to the purpose of a possible defence against claims. An individual application for erasure is possible at any time provided the previous existence of a consent is confirmed at the same time.

Service provider Mailchimp

The newsletter is dispatched by the delivery service provider “MailChimp”, a newsletter dispatch platform of the US service provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can find the privacy policy of the service provider here: https://mailchimp.com/legal/privacy/. Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement and thus offers a guarantee that the European data protection level is maintained (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The delivery service provider is used on the basis of our legitimate interest in accordance with Art. 6 Para. 1 (f) GDPR and a data processing agreement in accordance with Art. 28 Para. 3, sentence 1 GDPR.

 

The delivery service provider can use the data of the recipient in an anonymised form, i.e. without linking it to a user, to optimise or improve its own services, e.g. for technical optimisation of the dispatch and the presentation of the newsletters or for statistical purposes. However, the delivery service provider does not use the data of our newsletter recipients to contact them or to pass them on to third parties.

 

A performance measurement of the newsletter, e.g. by using a “web beacon”, does not take place.

Data protection for job applications and during the application process

The data controller collects and processes the personal data of applicants for the purpose of carrying out the application process. Processing may also take place electronically. This is the case in particular if an applicant has submitted the application documents to the controller electronically, for example by e-mail or via a web form on a web page. If the controller enters into an employment contract with an applicant, the data transmitted are stored for the purpose of processing the employment relationship taking account of the legal provisions. If the controller does not enter into an employment contract with the applicant, the application documents shall be automatically deleted two months after notification of the negative reply provided no other legitimate interests of the controller conflict with this. Other legitimate interests in this context are, for example, an obligation to provide proof in proceedings under the German Equality Act (AGG).

Security measures

We take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection legislation are observed and in this way to protect data processed by us against accidental or deliberate manipulations, loss, destruction or against access by unauthorised persons.